NatLibFi / Annif

Annif is a multi-algorithm automated subject indexing tool for libraries, archives and museums.
https://annif.org

Security levels for REST API methods #22

Open osma opened 7 years ago

osma commented 7 years ago

The CLI commands can be run by any user with read access to the configuration file. But the REST API should have more protection. The levels could be something like this:

  1. Superuser: can do anything
  2. Project configuration: can administer (e.g. using PUT) a specific existing project
  3. Subject administration: can administer the subjects of a specific project
  4. Learning: can perform learning operations on existing subjects of a specific project
  5. Analysis: can perform document analysis, evaluation etc. - read only, no need for protection

How to implement this is left open for now. The Connexion toolkit seems to support OAuth2 access control, which might be used here in some way.
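As an added illustration of the levels proposed above (example code, not Annif's own implementation), the following Python sketch models grants as per-project permissions with a global superuser, fails closed for operations that have no mapped level, and leaves analysis unauthenticated. It assumes that each level also implies the ones below it and that the operation-to-level table and the project names are constructed placeholders.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional, Tuple


class Level(IntEnum):
    """The five levels from the proposal, ordered by privilege.
    Assumption: a higher level implies every lower one."""
    ANALYSIS = 1    # read-only, no protection needed
    LEARNING = 2    # learning on existing subjects of a project
    SUBJECTS = 3    # subject administration of a project
    PROJECT = 4     # project configuration (e.g. PUT) of a project
    SUPERUSER = 5   # can do anything, in every project


@dataclass
class Grant:
    level: Level
    # None means "all projects"; only meaningful for SUPERUSER.
    project: Optional[str] = None


@dataclass
class User:
    name: str
    grants: List[Grant] = field(default_factory=list)


# Constructed mapping of (HTTP method, resource) -> required level.
# Anything not listed here is denied (fail closed).
REQUIRED: dict = {
    ("PUT", "project"): Level.PROJECT,
    ("POST", "subjects"): Level.SUBJECTS,
    ("POST", "learn"): Level.LEARNING,
    ("POST", "analyze"): Level.ANALYSIS,
}


def is_authorized(user: Optional[User],
                  operation: Tuple[str, str],
                  project: str) -> bool:
    """Return True if `user` (None = anonymous) may perform `operation`
    on `project`. Unknown operations are always denied."""
    required = REQUIRED.get(operation)
    if required is None:
        return False
    if required == Level.ANALYSIS:
        # Read-only work is open to everyone, as the proposal states.
        return True
    if user is None:
        return False
    for grant in user.grants:
        scope_ok = grant.project is None or grant.project == project
        if scope_ok and grant.level >= required:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample users and project identifiers.
    admin = User("alice", [Grant(Level.SUPERUSER)])
    owner = User("bob", [Grant(Level.PROJECT, "yso-en")])
    trainer = User("carol", [Grant(Level.LEARNING, "yso-en")])
    print(is_authorized(owner, ("PUT", "project"), "yso-en"))      # True
    print(is_authorized(owner, ("PUT", "project"), "yso-fi"))      # False
    print(is_authorized(trainer, ("POST", "subjects"), "yso-en"))  # False
    print(is_authorized(None, ("POST", "analyze"), "yso-en"))      # True
    print(is_authorized(admin, ("DELETE", "unknown"), "yso-en"))   # False
```

The two design choices worth keeping whatever the eventual mechanism (OAuth2 scopes via Connexion or otherwise) are that grants are scoped to a named project rather than global, and that an operation without an explicit level is denied rather than allowed.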

kinow commented 5 years ago

And once that's implemented in the backend, for the frontend there are libraries like Kindergarten and CASL that support authorization through permissions/groups.